Stop Email Threats in Healthcare IT

Breaches in Healthcare: Lessons Learned From HIMSS18

It’s hard to believe that the Health IT Conference, HIMSS18, has already come and gone. I feel like my ears are still ringing from the constant dinging of the Venetian slot machines! The conference is an unparalleled gathering of the leaders and doers in healthcare. The opportunity to meet with customers and hear firsthand from those in the industry is invaluable. In the conversations and sessions that I took part in, one theme seemed to constantly surface: the issue of patient security and how that has been impacted by the cyberthreats facing healthcare providers. Ransomware and its ability to potentially disrupt patient care has served as a kind of call to arms. Healthcare organizations are rightly focused on patients first, and I heard more than once that security is starting to be viewed through this lens.

During HIMSS I had the opportunity to share some interesting information that Mimecast has compiled for the healthcare industry. We looked at three sources to show that:

According to a recent survey Mimecast commissioned with HIMSS Analytics, healthcare IT leaders recognize that email is the number one threat for data breaches at their organizations.

Existing breach data supports this survey: email is a growing source of breaches, both in terms of number and total patient records breached.

Let’s start with the first two points. A survey of 75 IT leaders (CIOs, IT directors, CISOs) found that email was the most likely source of a data breach. In fact, email got more first-place votes than all other categories combined. This is supported by publicly available HHS data, in which email was the source of the most breaches in Q3 and Q4 of 2017, ahead of categories like network servers, electronic medical records, laptops, desktops and other portable electronic devices. There were other great insights in the survey, which I’d encourage you to check out in The Health of Email Security infographic.

Extensive Research on Email Threats

Mimecast views billions of emails each month for our 29,000+ customers, which includes more than 1,300 healthcare customers around the globe. From November 2017 through January 2018, Mimecast aggregated and analyzed email threats to provide greater insight into the types of incidents most likely to impact a healthcare organization. The research shows the following:

Locky malware and its variants are the most commonly-known malware stopped by Mimecast virus scanners. This is true across all industries as well.

The malicious attachments analyzed by the Mimecast sandbox are predominantly the most popular Microsoft Office attachment types. In fact, over four in five attachments are either .doc, .xls or .docm.

Healthcare employees continue to click on links in email that may cause harm to the organization. The most common type of link clicked is a malware link.

Impersonation, or business email compromise, attacks, which have caused over $5 billion in losses according to the FBI, are a threat to the healthcare industry.

In addition to scanning inbound email for a malicious payload, or for malicious intent in the case of impersonation attacks, a strategy for managing account compromise is necessary. Scanning internal and outbound mail can help prevent malware from spreading further within the organization or to another organization.

It’s encouraging to see that those in healthcare are addressing security needs and are thinking about potential patient ramifications if there is an event.